SB2018022327 - Resource exhaustion in libtasn1 (Alpine package)
Published: February 23, 2018
Security Bulletin ID: SB2018022327
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2018-6003)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1. A remote attacker can trigger unlimited recursion in the BER decoder, exhausting the stack and causing the service to crash.
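The class of defect described above is closed by bounding how deep a BER decoder may recurse into constructed values. The following is an added example, not code from libtasn1 or from the referenced patches: the function names, the `BER_MAX_DEPTH` value and the sample encoding are assumptions, and the walker handles only single-byte tags and definite lengths.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BER_MAX_DEPTH 16 /* hypothetical cap chosen for this example */
enum { BER_OK = 0, BER_MALFORMED = -1, BER_TOO_DEEP = -2 };

/* Parse one TLV header. Returns the header size, or 0 if unsupported/invalid. */
size_t ber_header(const uint8_t *p, size_t n, int *constructed, size_t *len)
{
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;   /* multi-byte tag */
    *constructed = (p[0] & 0x20) != 0;
    if (p[1] < 0x80) { *len = p[1]; return 2; }     /* short form */
    size_t k = p[1] & 0x7f;                         /* long form: k length bytes */
    if (k == 0 || k > sizeof(size_t) || k > n - 2) return 0;
    size_t v = 0;
    for (size_t i = 0; i < k; i++) v = (v << 8) | p[2 + i];
    *len = v;
    return 2 + k;
}

/* Walk every TLV in [p, p+n); recursion into constructed values is capped. */
int ber_walk(const uint8_t *p, size_t n, unsigned depth)
{
    if (depth > BER_MAX_DEPTH) return BER_TOO_DEEP; /* refuse before recursing on */
    while (n > 0) {
        int cons, rc;
        size_t len, h = ber_header(p, n, &cons, &len);
        if (h == 0 || len > n - h) return BER_MALFORMED;
        if (cons && (rc = ber_walk(p + h, len, depth + 1)) != BER_OK) return rc;
        p += h + len;
        n -= h + len;
    }
    return BER_OK;
}

/* Constructed sample input: `levels` nested constructed OCTET STRINGs (0x24)
 * wrapped around the primitive 04 01 41. Returns the encoded size, 0 on error. */
size_t build_nested(uint8_t *buf, size_t cap, unsigned levels)
{
    size_t total = 3 + 2 * (size_t)levels;
    if (total > cap || total - 2 > 0x7f) return 0;
    for (unsigned i = 0; i < levels; i++) {
        buf[2 * i] = 0x24;
        buf[2 * i + 1] = (uint8_t)(total - 2 * (i + 1));
    }
    memcpy(buf + 2 * levels, "\x04\x01\x41", 3);
    return total;
}
int main(void) { uint8_t b[64]; return ber_walk(b, build_nested(b, sizeof b, 20), 0) == BER_TOO_DEEP ? 0 : 1; }
```

Each nesting level costs the sender only two bytes, so without the depth check the recursion depth is limited only by the input size.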
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=69f938f4250b0ba60b9ee4e57d42325791fa0cda
- https://git.alpinelinux.org/aports/commit/?id=a17a05c052b39180e5e9ca9198ab8756ba0fc0aa
- https://git.alpinelinux.org/aports/commit/?id=b2bb01e5559952d7c2535629e34c5a46a8c2b4ff
- https://git.alpinelinux.org/aports/commit/?id=168bada46338709fc84104aad1c8331707186320
- https://git.alpinelinux.org/aports/commit/?id=416c169e023504b4f4eed09a4cf1b882c8c0724f
- https://git.alpinelinux.org/aports/commit/?id=b844828751639ed6678a815bc7b40b9508ee8e0b
- https://git.alpinelinux.org/aports/commit/?id=4fbd4bf8096893f9d7e8d2725463113bcfb5e1a9